An independent group of security engineers has released an unofficial patch for a bug in Microsoft’s Internet Explorer browser, which has not yet been patched by the software giant.
Microsoft has admitted the existence of the security bug – linked to Windows’ implementation of Vector Markup Language – which could allow hackers to take control of machines, as well as opening up systems to spam, adware and spyware.
The software giant has also confirmed that the vulnerability is already being actively exploited, but at present it has no plans to release a patch ahead of its next scheduled monthly security release on 10 October.
The Zeroday Emergency Response Team (ZERT) was set up by a group of professionals aiming to work together to produce non-supplier patches as protection against zero-day exploits that pose a serious risk to the public, to the infrastructure of the internet or both.
It has now issued a patch for the Internet Explorer bug, available for download from http://isotf.org/zert/.
In its manifesto, ZERT states, “It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution.”
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats